Softwire Authentication Mechanism PPP Authentication Mutual authentication using CHAP No per-packet authentication, no integrity, no replay protection L2TPv2 Authentication Optional CHAP-like authentication Same security verunerability as PPP IPsec Authentication MUST be used in non-trusted, public IP network IKE must be supported. Selection of Key management mechanism depends on deployment scenario (shared secret, certificate and EAP exchange identity for IKEv2 ) NAT-traversal in IKE |